git: 0b71d7d972e6 - main - security/modsecurity3: Update to 3.0.5

From: Ryan Steinmetz <zi_at_FreeBSD.org>
Date: Mon, 11 Oct 2021 16:16:27 UTC
The branch main has been updated by zi:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0b71d7d972e6f39c36ff9cc93dfa5c349c4a949a

commit 0b71d7d972e6f39c36ff9cc93dfa5c349c4a949a
Author:     Ryan Steinmetz <zi@FreeBSD.org>
AuthorDate: 2021-10-11 16:14:56 +0000
Commit:     Ryan Steinmetz <zi@FreeBSD.org>
CommitDate: 2021-10-11 16:16:10 +0000

    security/modsecurity3: Update to 3.0.5
    
    PR:             258801
    Approved by: maintainer
---
 security/modsecurity3/Makefile                     |   6 +-
 security/modsecurity3/distinfo                     |   6 +-
 .../modsecurity3/files/patch-src_operators_rx.cc   |  51 -------
 .../modsecurity3/files/patch-src_utils_regex.cc    |  40 ------
 .../modsecurity3/files/patch-src_utils_regex.h     |  35 -----
 ...tch-test_test-cases_regression_variable-TX.json | 146 ---------------------
 security/modsecurity3/pkg-plist                    |  31 +++--
 7 files changed, 24 insertions(+), 291 deletions(-)

diff --git a/security/modsecurity3/Makefile b/security/modsecurity3/Makefile
index 9cee083b764e..6cffad6e8317 100644
--- a/security/modsecurity3/Makefile
+++ b/security/modsecurity3/Makefile
@@ -1,7 +1,6 @@
 PORTNAME=	modsecurity
 DISTVERSIONPREFIX=	v
-DISTVERSION=	3.0.4
-PORTREVISION=	2
+DISTVERSION=	3.0.5
 CATEGORIES=	security www
 MASTER_SITES=	https://github.com/SpiderLabs/ModSecurity/releases/download/v${PORTVERSION}/
 PKGNAMESUFFIX=	3
@@ -17,10 +16,9 @@ LIB_DEPENDS=	libcurl.so:ftp/curl \
 		libyajl.so:devel/yajl \
 		libmaxminddb.so:net/libmaxminddb
 
-USES=		compiler:c++11-lang cpe gmake gnome libtool pkgconfig:build
+USES=		cpe gmake gnome libtool pkgconfig:build
 USE_GNOME=	libxml2
 # GCC because of https://github.com/SpiderLabs/ModSecurity/issues/1411
-USE_GCC=	yes
 USE_LDCONFIG=	yes
 
 CPE_VENDOR=	trustwave
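Review bot: The comment `# GCC because of https://github.com/SpiderLabs/ModSecurity/issues/1411` is left in place although the `USE_GCC= yes` line it explained is removed, so it now sits directly above `USE_LDCONFIG= yes` and misleads the next reader; it should be deleted in the same change. The hunk also drops `compiler:c++11-lang` from `USES`, which was the only place the port declared its C++ standard requirement. If 3.0.5 still needs a C++11-capable compiler (not visible from this diff), keeping that one token without `USE_GCC` would document it: `USES= compiler:c++11-lang cpe gmake gnome libtool pkgconfig:build`.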
diff --git a/security/modsecurity3/distinfo b/security/modsecurity3/distinfo
index 378c1b80adc1..5e9158a0a40c 100644
--- a/security/modsecurity3/distinfo
+++ b/security/modsecurity3/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1579339210
-SHA256 (modsecurity-v3.0.4.tar.gz) = b4231177dd80b4e076b228e57d498670113b69d445bab86db25f65346c24db22
-SIZE (modsecurity-v3.0.4.tar.gz) = 2806291
+TIMESTAMP = 1632981543
+SHA256 (modsecurity-v3.0.5.tar.gz) = 751bf95a7a8d39c440d0c26ec1f73961550ca2eb2ac9e2e7a56dce2dd7b959e9
+SIZE (modsecurity-v3.0.5.tar.gz) = 3485840
diff --git a/security/modsecurity3/files/patch-src_operators_rx.cc b/security/modsecurity3/files/patch-src_operators_rx.cc
deleted file mode 100644
index 0e8f626e59c1..000000000000
--- a/security/modsecurity3/files/patch-src_operators_rx.cc
+++ /dev/null
@@ -1,51 +0,0 @@
---- src/operators/rx.cc.orig	2020-01-13 13:09:28 UTC
-+++ src/operators/rx.cc
-@@ -38,7 +38,6 @@ bool Rx::init(const std::string &arg, st
- 
- bool Rx::evaluate(Transaction *transaction, Rule *rule,
-     const std::string& input, std::shared_ptr<RuleMessage> ruleMessage) {
--    std::list<SMatch> matches;
-     Regex *re;
- 
-     if (m_param.empty() && !m_string->m_containsMacro) {
-@@ -52,29 +51,29 @@ bool Rx::evaluate(Transaction *transacti
-         re = m_re;
-     }
- 
--    matches = re->searchAll(input);
-+    std::vector<Utils::SMatchCapture> captures;
-+    re->searchOneMatch(input, captures);
-+
-     if (rule && rule->m_containsCaptureAction && transaction) {
--        int i = 0;
--        matches.reverse();
--        for (const SMatch& a : matches) {
-+        for (const Utils::SMatchCapture& capture : captures) {
-+            const std::string capture_substring(input.substr(capture.m_offset,capture.m_length));
-             transaction->m_collections.m_tx_collection->storeOrUpdateFirst(
--                std::to_string(i), a.str());
-+                std::to_string(capture.m_group), capture_substring);
-             ms_dbg_a(transaction, 7, "Added regex subexpression TX." +
--                std::to_string(i) + ": " + a.str());
--            transaction->m_matched.push_back(a.str());
--            i++;
-+                std::to_string(capture.m_group) + ": " + capture_substring);
-+            transaction->m_matched.push_back(capture_substring);
-         }
-     }
- 
--    for (const auto & i : matches) {
--        logOffset(ruleMessage, i.offset(), i.str().size());
-+    for (const auto & capture : captures) {
-+        logOffset(ruleMessage, capture.m_offset, capture.m_length);
-     }
- 
-     if (m_string->m_containsMacro) {
-         delete re;
-     }
- 
--    if (matches.size() > 0) {
-+    if (captures.size() > 0) {
-         return true;
-     }
- 
diff --git a/security/modsecurity3/files/patch-src_utils_regex.cc b/security/modsecurity3/files/patch-src_utils_regex.cc
deleted file mode 100644
index ec2b6195545b..000000000000
--- a/security/modsecurity3/files/patch-src_utils_regex.cc
+++ /dev/null
@@ -1,40 +0,0 @@
---- src/utils/regex.cc.orig	2020-01-13 13:09:28 UTC
-+++ src/utils/regex.cc
-@@ -16,10 +16,6 @@
- #include "src/utils/regex.h"
- 
- #include <pcre.h>
--#include <sys/socket.h>
--#include <sys/types.h>
--#include <netinet/in.h>
--#include <arpa/inet.h>
- #include <string>
- #include <list>
- 
-@@ -99,6 +95,26 @@ std::list<SMatch> Regex::searchAll(const
-     return retList;
- }
- 
-+bool Regex::searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const {
-+    const char *subject = s.c_str();
-+    int ovector[OVECCOUNT];
-+
-+    int rc = pcre_exec(m_pc, m_pce, subject, s.size(), 0, 0, ovector, OVECCOUNT);
-+
-+    for (int i = 0; i < rc; i++) {
-+        size_t start = ovector[2*i];
-+        size_t end = ovector[2*i+1];
-+        size_t len = end - start;
-+        if (end > s.size()) {
-+            continue;
-+        }
-+        SMatchCapture capture(i, start, len);
-+        captures.push_back(capture);
-+    }
-+
-+    return (rc > 0);
-+}
-+
- int Regex::search(const std::string& s, SMatch *match) const {
-     int ovector[OVECCOUNT];
-     int ret = pcre_exec(m_pc, m_pce, s.c_str(),
diff --git a/security/modsecurity3/files/patch-src_utils_regex.h b/security/modsecurity3/files/patch-src_utils_regex.h
deleted file mode 100644
index 32652ce5c525..000000000000
--- a/security/modsecurity3/files/patch-src_utils_regex.h
+++ /dev/null
@@ -1,35 +0,0 @@
---- src/utils/regex.h.orig	2020-01-13 13:09:28 UTC
-+++ src/utils/regex.h
-@@ -19,6 +19,7 @@
- #include <fstream>
- #include <string>
- #include <list>
-+#include <vector>
- 
- #ifndef SRC_UTILS_REGEX_H_
- #define SRC_UTILS_REGEX_H_
-@@ -47,6 +48,16 @@ class SMatch {
-     size_t m_offset;
- };
- 
-+struct SMatchCapture {
-+    SMatchCapture(size_t group, size_t offset, size_t length) :
-+    m_group(group),
-+    m_offset(offset),
-+    m_length(length) { }
-+
-+    size_t m_group; // E.g. 0 = full match; 6 = capture group 6
-+    size_t m_offset; // offset of match within the analyzed string
-+    size_t m_length;
-+};
- 
- class Regex {
-  public:
-@@ -58,6 +69,7 @@ class Regex {
-     Regex& operator=(const Regex&) = delete;
- 
-     std::list<SMatch> searchAll(const std::string& s) const;
-+    bool searchOneMatch(const std::string& s, std::vector<SMatchCapture>& captures) const;
-     int search(const std::string &s, SMatch *m) const;
-     int search(const std::string &s) const;
- 
diff --git a/security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json b/security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json
deleted file mode 100644
index 485a9081af87..000000000000
--- a/security/modsecurity3/files/patch-test_test-cases_regression_variable-TX.json
+++ /dev/null
@@ -1,146 +0,0 @@
---- test/test-cases/regression/variable-TX.json.orig	2020-01-13 13:09:28 UTC
-+++ test/test-cases/regression/variable-TX.json
-@@ -80,5 +80,143 @@
-       "SecRule REQUEST_HEADERS \"@rx ([A-z]+)\" \"id:1,log,pass,capture,id:14\"",
-       "SecRule TX:0 \"@rx ([A-z]+)\" \"id:15\""
-     ]
-+  },
-+  {
-+    "enabled":1,
-+    "version_min":300000,
-+    "title":"Testing Variables :: capture group match after unused group",
-+    "client":{
-+      "ip":"200.249.12.31",
-+      "port":123
-+    },
-+    "server":{
-+      "ip":"200.249.12.31",
-+      "port":80
-+    },
-+    "request":{
-+      "uri":"/?key=aadd",
-+      "method":"GET"
-+    },
-+    "response":{
-+      "headers":{
-+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
-+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
-+        "Content-Type":"text/html"
-+      },
-+      "body":[
-+        "no need."
-+      ]
-+    },
-+    "expected":{
-+      "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1"
-+    },
-+    "rules":[
-+      "SecRuleEngine On",
-+      "SecRule ARGS \"@rx (aa)(bb|cc)?(dd)\" \"id:1,log,pass,capture,id:16\"",
-+      "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\""
-+    ]
-+  },
-+  {
-+    "enabled":1,
-+    "version_min":300000,
-+    "title":"Testing Variables :: empty capture group match followed by nonempty capture group",
-+    "client":{
-+      "ip":"200.249.12.31",
-+      "port":123
-+    },
-+    "server":{
-+      "ip":"200.249.12.31",
-+      "port":80
-+    },
-+    "request":{
-+      "uri":"/?key=aadd",
-+      "method":"GET"
-+    },
-+    "response":{
-+      "headers":{
-+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
-+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
-+        "Content-Type":"text/html"
-+      },
-+      "body":[
-+        "no need."
-+      ]
-+    },
-+    "expected":{
-+      "debug_log":"Added regex subexpression TX\\.3: dd[\\s\\S]*Target value: \"dd\" \\(Variable\\: TX\\:3[\\s\\S]*Rule returned 1"
-+    },
-+    "rules":[
-+      "SecRuleEngine On",
-+      "SecRule ARGS \"@rx (aa)(bb|cc|)(dd)\" \"id:18,phase:1,log,pass,capture\"",
-+      "SecRule TX:3 \"@streq dd\" \"id:19,phase:2,log,pass\""
-+    ]
-+  },
-+  {
-+    "enabled":1,
-+    "version_min":300000,
-+    "title":"Testing Variables :: repeating capture group -- alternates",
-+    "client":{
-+      "ip":"200.249.12.31",
-+      "port":123
-+    },
-+    "server":{
-+      "ip":"200.249.12.31",
-+      "port":80
-+    },
-+    "request":{
-+      "uri":"/?key=_abc123_",
-+      "method":"GET"
-+    },
-+    "response":{
-+      "headers":{
-+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
-+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
-+        "Content-Type":"text/html"
-+      },
-+      "body":[
-+        "no need."
-+      ]
-+    },
-+    "expected":{
-+      "debug_log":"Added regex subexpression TX\\.2: abc[\\s\\S]*Added regex subexpression TX\\.3: 123"
-+    },
-+    "rules":[
-+      "SecRuleEngine On",
-+      "SecRule ARGS \"@rx _((?:(abc)|(123))+)_\" \"id:18,phase:1,log,pass,capture\""
-+    ]
-+  },
-+  {
-+    "enabled":1,
-+    "version_min":300000,
-+    "title":"Testing Variables :: repeating capture group -- same (nested)",
-+    "client":{
-+      "ip":"200.249.12.31",
-+      "port":123
-+    },
-+    "server":{
-+      "ip":"200.249.12.31",
-+      "port":80
-+    },
-+    "request":{
-+      "uri":"/?key=a:5a:8a:9",
-+      "method":"GET"
-+    },
-+    "response":{
-+      "headers":{
-+        "Date":"Mon, 13 Jul 2015 20:02:41 GMT",
-+        "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT",
-+        "Content-Type":"text/html"
-+      },
-+      "body":[
-+        "no need."
-+      ]
-+    },
-+    "expected":{
-+      "debug_log":"Added regex subexpression TX\\.1: 5[\\s\\S]*Added regex subexpression TX\\.2: 8[\\s\\S]*Added regex subexpression TX\\.3: 9"
-+    },
-+    "rules":[
-+      "SecRuleEngine On",
-+      "SecRule ARGS \"@rx a:([0-9])(?:a:([0-9])(?:a:([0-9]))*)*\" \"id:18,phase:1,log,pass,capture\""
-+    ]
-   }
- ]
diff --git a/security/modsecurity3/pkg-plist b/security/modsecurity3/pkg-plist
index b3c760bc04f2..44f6c5f9c1a0 100644
--- a/security/modsecurity3/pkg-plist
+++ b/security/modsecurity3/pkg-plist
@@ -1,22 +1,29 @@
 bin/modsec-rules-check
-include/modsecurity/actions/action.h
 include/modsecurity/anchored_set_variable.h
+include/modsecurity/anchored_set_variable_translation_proxy.h
+include/modsecurity/rule_message.h
+include/modsecurity/rule_unconditional.h
+include/modsecurity/variable_origin.h
+include/modsecurity/transaction.h
 include/modsecurity/anchored_variable.h
-include/modsecurity/audit_log.h
-include/modsecurity/collection/collection.h
-include/modsecurity/collection/collections.h
-include/modsecurity/debug_log.h
 include/modsecurity/intervention.h
+include/modsecurity/collection/collections.h
+include/modsecurity/collection/collection.h
+include/modsecurity/rule_with_operator.h
+include/modsecurity/variable_value.h
+include/modsecurity/rules_set.h
+include/modsecurity/audit_log.h
 include/modsecurity/modsecurity.h
-include/modsecurity/reading_logs_via_rule_message.h
-include/modsecurity/rule.h
-include/modsecurity/rule_message.h
+include/modsecurity/debug_log.h
+include/modsecurity/rule_with_actions.h
+include/modsecurity/rules_set_properties.h
+include/modsecurity/rule_marker.h
 include/modsecurity/rules.h
 include/modsecurity/rules_exceptions.h
-include/modsecurity/rules_properties.h
-include/modsecurity/transaction.h
-include/modsecurity/variable_origin.h
-include/modsecurity/variable_value.h
+include/modsecurity/rules_set_phases.h
+include/modsecurity/reading_logs_via_rule_message.h
+include/modsecurity/actions/action.h
+include/modsecurity/rule.h
 lib/libmodsecurity.a
 lib/libmodsecurity.so
 lib/libmodsecurity.so.3
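Review bot: The installed public header set changes in this hunk while the context lines still list `lib/libmodsecurity.so.3`, so ports that compile against these headers may need a rebuild (a `PORTREVISION` bump) that this commit does not show. `include/modsecurity/rules_properties.h` is removed, and `rules_set.h`, `rules_set_properties.h`, `rules_set_phases.h`, `rule_marker.h` and the `rule_with_*.h` headers are added. It is worth confirming that the consumers of this library still build against the new headers. Separately, the added entries are no longer in sorted order (for example, `include/modsecurity/transaction.h` now precedes `include/modsecurity/anchored_variable.h`), which makes later plist diffs harder to review; regenerating the list in sorted order would match the previous layout.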